What's the difference between the Generate Resultant Set of Policy (Logging) and Generate Resultant Set of Policy (Planning) permissions on organizational units (OUs)?

Both permissions control the authority to generate reports in the Group Policy Management Console. GPMC provides two types of reports to help you predict and track how Group Policy Objects (GPOs) will affect computers on which the GPOs are applied. The Generate Resultant Set of Policy (Planning) permission lets you run the Group Policy Modeling wizard, which allows you to select an OU and a few other options to define a scenario in which Group Policy could be applied. Then GPMC simulates application of all the relevant GPOs for the scenario and produces a report that shows you the Group Policy settings (i.e., the Resultant Set of Policies—RSoP) for users and computers in that scenario.

The Generate Resultant Set of Policy (Logging) permission lets you run the Group Policy Results wizard to select a specific user or computer and get a report of the actual RSoP based on logs generated from the last application of Group Policy for that user or computer.

Use the modeling report when you're testing what-if scenarios and the results report when you need to know the actual status of a computer or user. Figure 2 shows GPMC and a results report.